IKE Phase 1 Negotiation MSGs
Sunday / Feb 21, 2016 /

Troubleshooting IKEv1 (ISAKMP) – Phase 1 of Site-To-Site (L2L) VPNs

Ziaul / ASA, Cisco, VPN /

Troubleshooting a site-to-site VPN tunnel that is not working can be a difficult task. Luckily, most VPN appliances provide ample debugging information to diagnose the issue. When viewing this debugging information, a good set of steps can be taken to isolate the exact issue. Each functional VPN tunnel consists of two tunnel processes, Phase 1 […]

Wednesday / Feb 10, 2016 /

Configuring Cisco AnyConnect over SSL on ASA 8.4+ & LDAPS Auth – CLI

Ziaul / ASA, Cisco, VPN /

Prerequisites for a tidy implementation: A DNS record mapped to the outside IP address of the ASA firewall (for example: access.example.co.uk). An SSL certificate installed on the ASA firewall for this domain name, ideally from a third-party supplier. The appropriate type and number of AnyConnect licenses installed on the ASA. By default 2 licenses are available on base […]

Meru Controller SD matrix
Monday / Jan 04, 2016 /

Upgrading Meru Controller (Single) and APs Firmware using CLI

Ziaul / Meru, Upgrade /

Things to consider when upgrading the firmware: Compatibility of the firmware with the Controller and AP. This can be checked from the recommended SD matrix available on the Meru support portal. Back up the running configuration to an external location (TFTP). Turn off the auto-ap-upgrade feature on the controller where there are […]

NAT Sections & Format
Thursday / Oct 15, 2015 /

Upgrading ASA IOS & migrating NAT from ASA 8.2 to 8.3+

Ziaul / ASA, Cisco, NAT, Upgrade /

Things to consider when planning an IOS upgrade on an ASA: Is the upgrade major or minor? Is a hardware upgrade, such as RAM, required for the new IOS? Compatibility of the IOS with the hardware, also known as the Compatibility Matrix. The upgrade path that needs to be followed. Is NAT migration needed? Command/configuration changes on the […]

Inter Context Route Topology
Friday / Sep 04, 2015 /

Communication between security contexts in ASA / Inter-context routing

Ziaul / ASA, Cisco, Network Security /

The virtual firewall methodology enables a physical firewall to be partitioned into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. In Cisco ASA, these virtual firewalls are known as security contexts. In some situations, we will need to allow […]

Sunday / Aug 23, 2015 /

Cisco ASA Firewall High Availability – Active/Active Failover Configuration

Ziaul / ASA, Network Security /

The Cisco ASA failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a stateful failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. In the case of an Active/Active configuration […]
